Extending existing storage devices in virtualized  environments

ABSTRACT

A method, system and computer program product for providing a guest with access to a virtual storage on a physical storage using a peripheral component interface hub. In one embodiment, the method comprises the guest sending to the peripheral component interface hub a request to access the physical storage, the request including physical addresses of the physical storage, and the peripheral component interface hub sending specified information about the request to a hypervisor. This method further comprises the hypervisor determining whether to grant or to reject the request; and when the hypervisor grants the request, the hypervisor sending a configuration command to the peripheral component interface hub. This command includes a mapping of addresses from the physical storage to addresses from the virtual storage. In an embodiment, the peripheral component interface hub uses this mapping to replace the addresses in the request with translated virtual addresses.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of copending U.S. patent applicationSer. No. 14/317,054, filed Jun. 27, 2014, the entire contents anddisclosure of which are hereby incorporated by reference herein.

BACKGROUND

This invention generally relates to using storage devices in virtualizedenvironments.

With the increased use of software defined environments such as cloudcomputing and/or software defined datacenters, there is a need forefficient virtualization along all physical resources. The advantages ofvirtual machine technology have become widely recognized. Among theseadvantages is the ability to run multiple virtual machines on a singlehost platform. This can make better use of the capacity of the hardware,while still ensuring that each user enjoys the features of a “complete”computer. An additional benefit of virtualization, in someimplementations, is greater security.

A virtual machine (VM) is a software abstraction, or “virtualization,”of an actual physical computer system. Multiple virtual machines (VMs)can be installed on a physical host machine, referred to as a “host,”which includes physical system hardware. The physical system hardwaretypically includes one or more physical processors and physical memoryand various other physical devices, such as an input/output (10) storageadapter to perform protocol conversions required to access a remotestorage such as over a shared storage access network (SAN).

The virtual system hardware ordinarily includes one or more virtualprocessors, virtual memory, at least one virtual disk, and one or morevirtual devices all of which may be implemented using software toconfigure physical components of a physical machine to emulate thevirtual components. One or more layers of co-resident softwarecomponents comprising a virtualization intermediary, e.g. a virtualmachine monitor (VMM), hypervisor or some combination thereof acts toinstantiate and provision VMs and to allocate host resources dynamicallyand transparently among the VMs so that their respective guest operatingsystems can run concurrently on a single physical machine.

Most all cloud computing environments heavily rely on virtualization oftheir resources. Well known are the technologies for central processingunit (CPU) virtualization, where many of the virtual machine conceptsare now integrated into the processor architecture. Examples of theseare dualities of page tables, interrupt routing, etc. This hassignificantly increased the performance of CPU virtualization and alsocontributed to the isolation properties among virtual machines that mustbe satisfied.

In contrast, storage I/O devices have seen limited attention forefficient sharing. In general, I/O devices are still managed indirectlyby the hypervisor. Guest virtual machine interact through their devicedrivers to a virtual device that trapped into the hypervisor, where thestorage function is then implemented against a storage device. In manycases, virtual disks (vdisks) are managed by the hypervisor as files.This leads to significant inefficiencies as disk I/O in the guestresults in a trap into the hypervisor, where a full I/O stack then needsto be traversed to translate the block access to the vdisk to a fileaccess request, ultimately leading to a block request on the realdevice.

BRIEF SUMMARY

A method, system and computer program product for providing a guest withaccess to a virtual storage on a physical storage using a peripheralcomponent interface hub. In one embodiment, the method comprises theguest sending to the peripheral component interface hub a request toaccess the physical storage, the request including physical addresses ofthe physical storage and the peripheral component interface hub sendingspecified information about the request to a hypervisor. This methodfurther comprises the hypervisor determining whether to grant or toreject the request from the guest; and when the hypervisor grants therequest, the hypervisor sending a configuration command to theperipheral component interface hub, said configuration command includinga mapping of addresses from the physical storage to addresses from thevirtual storage.

In an embodiment, the peripheral component interface hub uses saidmapping to replace the physical addresses in the request with translatedvirtual addresses.

In one embodiment, the peripheral component interface hub forwards therequest from the guest, with the translated virtual addresses, to astorage controller, and the storage controller uses said translatedvirtual addresses to access the virtual storage to respond to therequest from the guest.

In one embodiment, the physical storage includes multiple physicalstorage devices.

In an embodiment, the peripheral component interface hub includes aplurality of virtual function; and the request to access the physicalstorage is sent to one of the virtual functions of the peripheralcomponent interface hub.

In one embodiment, the peripheral component interface hub furtherincludes at least one physical function, and the specified informationabout the request is sent to the hypervisor from the at least onephysical function.

In an embodiment, the peripheral component interface hub includes amechanism to provide mapping within the peripheral component interfacehub to virtualize disks behind multiple storage controllers.

In an embodiment, the peripheral component interface hub includes amechanism to provide authentication of the guest to access the virtualstorage controlled by the peripheral component interface hub.

In one embodiment, the guest sends an authentication key to theperipheral component interface hub to authenticate the guest to theperipheral component interface hub.

In an embodiment, the guest sends to the peripheral component interfacehub another request to access the physical storage, said another requestincluding the authentication key of the guest; and in response to saidanother request, the peripheral component interface hub enables theguest to access the virtual storage without intervention of thehypervisor.

Embodiments of the invention allow a guest to access a vdisk that islocated on the host without incurring additional overhead, yet maintainthe isolation requirements and quality of service (QoS) enforcementsthat a hypervisor executed 110 stack provides.

Embodiments of the invention provide a Peripheral Component Interface(PCI) hub solution able to expose multiple virtual functions, one foreach guest operating system running, and to translate accessed intostandard disk 10 requests for traditional disk controllers.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 depicts a cloud computing node according to an embodiment of thepresent invention.

FIG. 2 depicts a cloud computing environment according to an embodimentof the present invention.

FIG. 3 depicts abstraction model layers according to an embodiment ofthe present invention.

FIG. 4 illustrates a computer system that implements virtualization andwith which embodiments of the invention may be used.

FIG. 5 shows an architecture, in accordance with an embodiment of theinvention, for using storage devices in a virtualized environment.

FIG. 6 illustrates a method that may be used, in an embodiment of theinvention, for providing a virtual disk to a guest.

DETAILED DESCRIPTION

It is understood in advance that although this disclosure includes adetailed description on cloud computing, implementation of the teachingsrecited herein are not limited to a cloud computing environment. Rather,embodiments of the present invention are capable of being implemented inconjunction with any other type of computing environment now known orlater developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based e-mail).The consumer does not manage or control the underlying cloudinfrastructure including network, servers, operating systems, storage,or even individual application capabilities, with the possible exceptionof limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure comprising anetwork of interconnected nodes.

Referring now to FIG. 1, a schematic of an example of a cloud computingnode is shown. Cloud computing node 10 is only one example of a suitablecloud computing node and is not intended to suggest any limitation as tothe scope of use or functionality of embodiments of the inventiondescribed herein. Regardless, cloud computing node 10 is capable ofbeing implemented and/or performing any of the functionality set forthhereinabove.

In cloud computing node 10 there is a computer system/server 12, whichis operational with numerous other general purpose or special purposecomputing system environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that may besuitable for use with computer system/server 12 include, but are notlimited to, personal computer systems, server computer systems, thinclients, thick clients, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputer systems, mainframecomputer systems, and distributed cloud computing environments thatinclude any of the above systems or devices, and the like.

Computer system/server 12 may be described in the general context ofcomputer system-executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes. Computer system/server 12 may be practiced in distributed cloudcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed cloud computing environment, program modules may be locatedin both local and remote computer system storage media including memorystorage devices.

As shown in FIG. 1, computer system/server 12 in cloud computing node 10is shown in the form of a general-purpose computing device. Thecomponents of computer system/server 12 may include, but are not limitedto, one or more processors or processing units 16, a system memory 28,and a bus 18 that couples various system components including systemmemory 28 to processor 16.

Bus 18 represents one or more of any of several types of bus structures,including a memory bus or memory controller, a peripheral bus, anaccelerated graphics port, and a processor or local bus using any of avariety of bus architectures. By way of example, and not limitation,such architectures include Industry Standard Architecture (ISA) bus,Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, VideoElectronics Standards Association (VESA) local bus, and PeripheralComponent Interconnects (PCI) bus.

Computer system/server 12 typically includes a variety of computersystem readable media. Such media may be any available media that isaccessible by computer system/server 12, and it includes both volatileand non-volatile media, removable and non-removable media.

System memory 28 can include computer system readable media in the formof volatile memory, such as random access memory (RAM) 30 and/or cachememory 32. Computer system/server 12 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 34 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM or other optical media can be provided.In such instances, each can be connected to bus 18 by one or more datamedia interfaces. As will be further depicted and described below,memory 28 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the invention.

Program/utility 40, having a set (at least one) of program modules 42,may be stored in memory 28 by way of example, and not limitation, aswell as an operating system, one or more application programs, otherprogram modules, and program data. Each of the operating system, one ormore application programs, other program modules, and program data orsome combination thereof, may include an implementation of a networkingenvironment. Program modules 42 generally carry out the functions and/ormethodologies of embodiments of the invention as described herein.

Computer system/server 12 may also communicate with one or more externaldevices 14 such as a keyboard, a pointing device, a display 24, etc.;one or more devices that enable a user to interact with computersystem/server 12; and/or any devices (e.g., network card, modem, etc.)that enable computer system/server 12 to communicate with one or moreother computing devices. Such communication can occur via Input/Output(I/O) interfaces 22. Still yet, computer system/server 12 cancommunicate with one or more networks such as a local area network(LAN), a general wide area network (WAN), and/or a public network (e.g.,the Internet) via network adapter 20. As depicted, network adapter 20communicates with the other components of computer system/server 12 viabus 18. It should be understood that although not shown, other hardwareand/or software components could be used in conjunction with computersystem/server 12. Examples, include, but are not limited to: microcode,device drivers, redundant processing units, external disk drive arrays,RAID systems, tape drives, and data archival storage systems, etc.

Referring now to FIG. 2, illustrative cloud computing environment 50 isdepicted. As shown, cloud computing environment 50 comprises one or morecloud computing nodes 10 with which local computing devices used bycloud consumers, such as, for example, personal digital assistant (PDA)or cellular telephone 54A, desktop computer 54B, laptop computer 54C,and/or automobile computer system 54N may communicate. Nodes 10 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as Private, Community,Public, or Hybrid clouds as described hereinabove, or a combinationthereof. This allows cloud computing environment 50 to offerinfrastructure, platforms and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. It is understood that the types of computing devices 54A-N shownin FIG. 2 are intended to be illustrative only and that computing nodes10 and cloud computing environment 50 can communicate with any type ofcomputerized device over any type of network and/or network addressableconnection (e.g., using a web browser).

Referring now to FIG. 3, a set of functional abstraction layers providedby cloud computing environment 50 (FIG. 2) is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 3 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided:

Hardware and software layer 60 includes hardware and softwarecomponents. Examples of hardware components include mainframes, in oneexample IBM® zSeries® systems; RISC (Reduced Instruction Set Computer)architecture based servers, in one example IBM pSeries® systems; IBMxSeries® systems; IBM BladeCenter® systems; storage devices; networksand networking components. Examples of software components includenetwork application server software, in one example IBM WebSphere®application server software; and database software, in one example IBMDB2® database software. (IBM, zSeries, pSeries, xSeries, BladeCenter,WebSphere, and DB2 are trademarks of International Business MachinesCorporation registered in many jurisdictions worldwide).

Virtualization layer 62 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers;virtual storage; virtual networks, including virtual private networks;virtual applications and operating systems; and virtual clients.

In one example, management layer 64 may provide the functions describedbelow. Resource provisioning provides dynamic procurement of computingresources and other resources that are utilized to perform tasks withinthe cloud computing environment. Metering and Pricing provide costtracking as resources are utilized within the cloud computingenvironment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal provides access to the cloud computing environment forconsumers and system administrators. Service level management providescloud computing resource allocation and management such that requiredservice levels are met. Service Level Agreement (SLA) planning andfulfillment provide pre-arrangement for, and procurement of, cloudcomputing resources for which a future requirement is anticipated inaccordance with an SLA.

Workloads layer 66 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation; software development and lifecycle management; virtualclassroom education delivery; data analytics processing; transactionprocessing; and correlation based adaptive network monitoring.

Embodiments of the invention provide a method, system and computerprogram product for using storage in a virtualized environment. FIG. 4is an illustrative drawing showing one possible arrangement of acomputer system 100 that implements virtualization and in which or withwhich embodiments of the invention may be implemented. In the examplesystem of FIG. 4, multiple virtual machines (VMs) or “guests” VM1 to VMnare installed on a “host platform,” referred to as a “host,” whichincludes system hardware, that is, hardware platform 104, and one ormore layers of co-resident software components comprising avirtualization intermediary, e.g. a virtual machine monitor (VMM),hypervisor or some combination thereof. The system hardware typicallyincludes one or more physical processors 106, physical memory 108, someform of mass storage 110, and various other physical devices 112, suchas an I0 storage adapter to perform protocol conversions required toaccess remote storage such as within a storage access network (SAN) 113and to coordinate concurrent accesses to such storage.

Each virtual machine VM1 to VMn typically will have both guest systemsoftware 115 and virtual system hardware, which typically includes oneor more virtual CPUs (VCPUs) 116-1 to 116-m, virtual memory 118, atleast one virtual disk 122, and one or more virtual devices 120. Thevirtual hardware components of the virtual machine may be implemented insoftware using known techniques to emulate the corresponding physicalcomponents. The guest system software includes guest operating system(OS) 124 and virtual drivers 126 as needed for the various virtualdevices 120.

As is well known to persons skilled in the art, a typical device driveris a computer program based component that runs on (i.e. configures) amachine (e.g. host computer) and acts as a translator between a physicaldevice and the applications or operating systems that use the device. Adevice driver typically accepts generic high-level commands and breaksthem into a series of low-level device-specific commands as required bythe device being driven. A virtual driver 126 is a computer programbased component that runs on a host computer and performs the same roleas a physical driver except that it configures a machine (e.g. hostcomputer) to provide translation between a virtual device 120 thatprovides hardware emulation and that runs within the VMM and the guestoperating system 124. Furthermore, drivers (virtual or physical) canprovide a level of security as they can run in kernel-mode, therebyprotecting the operating system from applications running in user-mode.

In many cases, software applications 128 running on a virtual machineVM1 will function as they would if run on a “real” computer, even thoughthe applications are running at least partially indirectly, that is viaguest operating system (OS) 124 and virtual processor(s). Executablefiles will be accessed by the guest OS from virtual disk 122 or virtualmemory 118, which will correspond to portions of an actual physical disk110 or storage on the SAN 113 or memory 108 allocated to that virtualmachine.

In embodiments of the invention, the hypervisor signifies a softwarelayer implemented to manage physical resources, process creation, I/Ostacks, and that includes physical device drivers 133 (only one shown)that serve as an interface to host system devices such as an IO storageadapter. Under such an implementation, the hypervisor 132 would managethe selections of physical devices and their temporary assignment tovirtual devices. For example, the hypervisor kernel 132 would manage themapping between VM1-VMn and their virtual processors 116-1 to 116-m,virtual memory 118, and the physical hardware devices that are selectedto implement these virtual devices.

More particularly, when a virtual processor is dispatched by a VM, aphysical processor, such as one of the physical processors 104, would bescheduled by the hypervisor 132 to perform the operations of thatvirtual processor. In contrast, in the context of such implementation,VMM1-VMMn might be responsible for actually executing commands onphysical processors, performing binary translation (BT) or programmingof virtual hardware, for example.

The various virtualized hardware components of the VM1, such as VCPU(s)116-1 to 116-m, virtual memory 118, virtual disk 122, and virtualdevice(s) 120, are shown as being emulated within VMM1, which runswithin virtual machine VM1. One advantage of such an arrangement is thatthe virtual machine monitors VMM1 to VMMn may be set up to expose“generic” devices, which facilitate VM migration and hardwareplatform-independence. For example, the VMM1 may be set up to emulate astandard Small Computer System Interface (SCSI) disk, so that thevirtual disk 122 appears to the VM1 to be a conventional SCSI diskconnected to a conventional SCSI adapter, whereas the underlying,actual, physical disk 110 may be something else.

The term “disk” typically signifies persistently stored data addressedin sequence, typically from address zero to address max capacity-1. Inthat case, a conventional SCSI driver typically would be installed intothe guest OS 124 as one of the virtual drivers 126. A virtual device 120within the VMM then would provide an interface between VM1 and aphysical device driver 133 within the hypervisor kernel 132 that servesas an interface to a physical device (e.g., device 112) that is part ofthe host system and would handle disk operations for the VM1.

The system of FIG. 4 is an example of a non-hosted configuration inwhich VMMs are deployed on top of a software layer--hypervisor kernel132--constructed specifically to provide an interface for the virtualmachines. Kernel 132 also may handle any other applications running onit that can be separately scheduled, as well as a console operatingsystem that, in some architectures, is used to boot the system andfacilitate certain user interactions with the virtualization software.

PCI SR-IOV

Many modern computing devices employ input/output (10) adapters andbuses that utilize some version or implementation of the PeripheralComponent Interconnect (PCI) standard, which specifies a computer busfor attaching peripheral devices to a computer motherboard. PCI Express(PCIe) is an implementation of the PCI computer bus that uses existingPCI programming concepts, but bases the computer bus on a different andmuch faster serial physical-layer communications protocol. In additionto the PCI and PCIe specifications, the PCI-SIG has defined input/outputvirtualization (IOV) standards for defining how to design an I0 adapterthat can be shared by several virtual machines.

The term “function” is used in the PCI context to signify a device withaccess controlled by a PCI bus. A PCI function is identified within asingle PCI root complex by its PCI or PCIe bus, device, and slotidentifiers. A PCI function includes a configuration space, whichincludes both device dependent and device independent regions used byhost software to support device relocation on the PCI bus, flexibledevice-to-interrupt binding, device identification, and deviceconfiguration. A function also includes memory space which is identifiedby Barrier Address Registers in configuration space and provides amemory mapped I0 interface for host I0 initiated from host to thedevice. A PCIe function also includes message space which is identifiedby MSI and MSI-X capabilities in configuration space and provides eitheror both MSI/MSI-X message based interrupt generation. Many network(e.g., Ethernet) and storage (e.g., disk) adapters are implemented asPCI or PCIe compliant adapters and are recognized by a machine's PCIsub-system as a single PCI function. Multi-port PCI or PCIe adapterssimply appear to a host PCI sub-system as multiple PCI functions.

Embodiments of the invention provide virtual disk to a guest exploitingsingle root input output virtualization (SR-IOV). Techniques specifiedin the PCI SR-IOV specification can be used to reduce the CPU impact ofhigh throughput workloads by bypassing the virtualization intermediary.The term “single root” refers to a single root complex as contrastedwith a multiple root complex. In a PCI Express system, a root complexdevice couples the processor and memory subsystem to a PCI Expressswitch fabric comprised of one or more switch devices. The root complexgenerates transaction requests on behalf of the processor, which isinterconnected through a local bus.

FIG. 5 illustrates an architecture that may be used, in embodiments ofthe invention, to provide virtual disk to a guest using SR-IOV. Forthat, a storage PCIe hub 140 is defined that is a PCIe endpoint with asingle physical function (PF) and multiple virtual functions (VFs). ThePCIe hub includes an address mapping unit 142, an authentication unit144 and multiple PCIe ports to connect to existing PCIe storagecontrollers 150, 152. The storage PCIe hub controls the connected PCIestorage controllers and provides all means for the initialization of thecontrollers including the initial capability scan and disk discovery.This information will be reflected to the hypervisor 160 over the PF ofthe PCIe hub when the hypervisor does its disk discovery during boot.

When a guest 162, 164 is created, a VF of the storage PCIe hub 160 isassigned to the virtual machine as a generic storage device. At firstboot, the guest will send a specific request block over the VF's mmiospace to the storage PCIe hub. This request control block includes theguest parameters for the disk such as size and QoS (IOPS) and also anauthentication key for the requested virtual disk. The VF will trigger,as action to this request block, an interrupt from the PF of the PCIestorage hub to the hypervisor.

Over PCIe methods on the PF, the hypervisor 160 will then retrieve thedata of the request block and grant or reject the request based on theallowance of the guest. On grant, the hypervisor will send aconfiguration command block over the PF to the storage PCIe hub 140containing the QoS and the mapping from blocks of the physical disk. Themapping will be cached inside the storage PCIe hub for dynamic mappingof DMAs to the guests. Besides the mapping, the authentication key, inembodiments of the invention, is stored on the disks for faulttolerance. After this is finished, an interrupt is presented to therequesting guest which will retrieve the status by PCIe means.

For subsequent boots, the guest will send to the VF the authenticationkey in a command block requesting access only. The storage PCIe hubhardware and firmware will present an interrupt to the hypervisor andprovide the request for mapping. The hypervisor will respond with PCIemeans to set up the mappings in the storage PCIe hub. After that, aninterrupt is presented to the guest and the response block is providedover the VF of the guest.

Once the authentication set up is done, the vdisk can be accesseddirectly from the guest without intervention of the hypervisor. Thestorage PCIe hub implements the per vdisk mapping of logical vdiskblocks to physical disk blocks while enforcing QoS. Those blocks mappedto the guest are only visible and accessible to those guests containingthe authentication key. Since the access to the vdisk is done over theauthentication key, multiple guests or the hypervisor can access thevdisk in order to do backup and other maintenance related functions.

FIG. 6 illustrates a mechanism for providing virtual disk to the guest.At 172, the guest triggers a block read command to a VF of the storagePCIe hub; and at 174, the storage PCI hub translates the virtual blocknumber of the tuple of physical storage device and physical blocknumber. At 176, the DMA address coming with the command read, or acommand write, is remapped into a new unique address based on the DMAaddress itself and the VF identification.

The read or write command is, at 180, sent to the appropriate storagedevice with the translated block number and the direct memory access(DMA) address. The storage device, at 182, does the read and triggers aDMA write to the storage PCIe hub. At 184, the storage PCIe hubtranslates the DMA addresses back to the DMA addresses of the originalrequest and the corresponding VF identification. At 186, the PCIe packetfrom the storage device is forwarded by only replacing the address fieldwith the translated address to the corresponding VF.

The write mechanism is analogous using the same mapping facilities.

While it is apparent that embodiments of the invention herein disclosedare well calculated to fulfill the features discussed above, it will beappreciated that numerous modifications and embodiments may be devisedby those skilled in the art, and it is intended that the appended claimscover all such modifications and embodiments as fall within the truespirit and scope of the present invention.

1. A method of providing a guest with access to a virtual storage on aphysical storage using a peripheral component interface hub, the methodcomprising: the guest sending to the peripheral component interface huba request to access the physical storage, the request including physicaladdresses of the physical storage; the peripheral component interfacehub sending specified information about the request to a hypervisor; thehypervisor determining whether to grant or to reject the request fromthe guest; when the hypervisor grants the request, the hypervisorsending to the peripheral component interface hub a mapping of addressesfrom the physical storage to addresses from the virtual storage; theperipheral component interface hub caching the mapping for mapping ofdirect memory accesses to the guests; and the peripheral componentinterface hub implementing mapping of virtual storage blocks to physicalstorage blocks for the direct memory accesses to the guest.
 2. Themethod according to claim 1, wherein the peripheral component interfacehub caching the mapping includes the peripheral component interface hubcaching the mapping inside the peripheral component interface hub. 3.The method according to claim 2, wherein the peripheral componentinterface hub caching the mapping includes the peripheral componentinterface hub caching the mapping inside the peripheral componentinterface hub for dynamic mapping of direct memory accesses to theguest.
 4. The method according to claim 1, further comprising: the guestsending an authentication key to the peripheral component interface hubto authenticate the guest to the peripheral component interface hub; andstoring the authentication key on the physical storage.
 5. The methodaccording to claim 4, wherein access to the virtual storage is done overthe authentication key.
 6. The method according to claim 4, whereinmultiple guests access the virtual storage over the authentication key.7. The method according to claim 4, wherein the hypervisor accesses thevirtual storage over the authentication key.
 8. The method according toclaim 1, further comprising the peripheral component interface hub usingsaid mapping to replace the physical addresses in the request withtranslated virtual addresses.
 9. The method according to claim 2,further comprising: the peripheral component interface hub forwardingthe request from the guest, with the translated virtual addresses, to astorage controller; and the storage controller using said translatedvirtual addresses to access the virtual storage to respond to therequest from the guest.
 10. The method according to claim 1, wherein thephysical storage includes multiple physical storage devices.
 11. Asystem for providing a guest with access to a virtual storage on aphysical storage, the system comprising: a peripheral componentinterface hub for receiving from the guest a request to access thephysical storage, the request including physical addresses of thephysical storage; and a hypervisor for receiving from the peripheralcomponent interface hub specified information about the request; thehypervisor determining whether to grant or to reject the request fromthe guest; when the hypervisor grants the request, the hypervisorsending to the peripheral component interface hub a mapping of addressesfrom the physical storage to addresses from the virtual storage; theperipheral component interface hub caching the mapping for mapping ofdirect memory accesses to the guests; and the peripheral componentinterface hub implementing mapping of virtual storage blocks to physicalstorage blocks for the direct memory accesses to the guest.
 12. Thesystem according to claim 11, wherein the peripheral component interfacehub caching the mapping includes the peripheral component interface hubcaching the mapping inside the peripheral component interface hub. 13.The system according to claim 12, wherein the peripheral componentinterface hub caching the mapping includes the peripheral componentinterface hub caching the mapping inside the peripheral componentinterface hub for dynamic mapping of direct memory accesses to theguest.
 14. The system according to claim 11, further comprising: theguest sending an authentication key to the peripheral componentinterface hub to authenticate the guest to the peripheral componentinterface hub; and storing the authentication key on the physicalstorage.
 15. The system according to claim 14, wherein access to thevirtual storage is done over the authentication key.
 16. An article ofmanufacture comprising: at least one tangible computer readable hardwaredevice having computer readable program code logic tangibly embodiedtherein to provide a guest with access to a virtual storage on aphysical storage using a peripheral component interface hub, thecomputer readable program code logic, when executing on a computer,performing the following: sending to the peripheral component interfacehub a request from the guest to access the physical storage, the requestincluding physical addresses of the physical storage; sending specifiedinformation about the request from the peripheral component interfacehub to a hypervisor; using the hypervisor to determine whether to grantor to reject the request from the guest; and when the hypervisor grantsthe request, sending a configuration command from the hypervisor to theperipheral component interface hub, said configuration command includinga mapping of addresses from the physical storage to addresses from thevirtual storage; the peripheral component interface hub caching themapping for mapping of direct memory accesses to the guests; and theperipheral component interface hub implementing mapping of virtualstorage blocks to physical storage blocks for the direct memory accessesto the guest.
 17. The article of manufacture according to claim 16,wherein the peripheral component interface hub caching the mappingincludes the peripheral component interface hub caching the mappinginside the peripheral component interface hub.
 18. The article ofmanufacture according to claim 17, wherein the peripheral componentinterface hub caching the mapping includes the peripheral componentinterface hub caching the mapping inside the peripheral componentinterface hub for dynamic mapping of direct memory accesses to theguest.
 19. The article of manufacture according to claim 16, furthercomprising: the guest sending an authentication key to the peripheralcomponent interface hub to authenticate the guest to the peripheralcomponent interface hub; and storing the authentication key on thephysical storage.
 20. The article of manufacture according to claim 19,wherein access to the virtual storage is done over the authenticationkey.